Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,704 advisories

Loading
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables Low
CVE-2025-61677 was published for datachain (pip) Oct 2, 2025
gothburz
Credited to gothburz
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to... Low Unreviewed
CVE-2025-11239 was published Oct 2, 2025
Django vulnerable to partial directory traversal via archives Low
CVE-2025-59682 was published for django (pip) Oct 1, 2025
Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-7jp2-5h22-m432 was published for auth0/symfony (Composer) Oct 1, 2025
Auth0 Wordpress plugin Does Not Properly Handle File Types in Bulk User Import Low
GHSA-w22c-pw5m-482x was published for auth0/wordpress (Composer) Oct 1, 2025
laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-hjfh-5jmm-xr24 was published for auth0/login (Composer) Oct 1, 2025
auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import Low
CVE-2025-58769 was published for auth0/auth0-php (Composer) Oct 1, 2025
Fiora chat group avatar is vulnerable to XSS via SVG files Low
CVE-2025-56515 was published for fiora (npm) Oct 1, 2025
Fiora chat user avatar is vulnerable to XSS via SVG files Low
CVE-2025-56514 was published for fiora (npm) Oct 1, 2025
IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files... Low Unreviewed
CVE-2023-50301 was published Oct 1, 2025
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability,... Low Unreviewed
CVE-2025-11195 was published Sep 30, 2025
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an... Low Unreviewed
CVE-2025-23291 was published Sep 30, 2025
The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to... Low Unreviewed
CVE-2025-56675 was published Sep 30, 2025
vet MCP Server SSE Transport DNS Rebinding Vulnerability Low
CVE-2025-59163 was published for github.com/safedep/vet (Go) Sep 29, 2025
eharris128
Credited to eharris128
IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could... Low Unreviewed
CVE-2025-36144 was published Sep 27, 2025
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow... Low Unreviewed
CVE-2025-36326 was published Sep 26, 2025
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace Low
GHSA-q6hv-wcjr-wp8h was published for github.com/kcp-dev/kcp (Go) Sep 26, 2025
SimonTheLeg embik
Credited to SimonTheLeg and embik
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute Low
CVE-2025-59842 was published for jupyterlab (pip) Sep 26, 2025
Yaniv-git krassowski
dlqqq
Credited to Yaniv-git, krassowski, and dlqqq
An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18... Low Unreviewed
CVE-2025-5069 was published Sep 26, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3... Low Unreviewed
CVE-2025-10868 was published Sep 26, 2025
An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3... Low Unreviewed
CVE-2025-10871 was published Sep 26, 2025
WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled Low
CVE-2025-1396 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.input.validation.mgt (Maven) Sep 26, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3... Low Unreviewed
CVE-2025-10867 was published Sep 26, 2025
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for... Low Unreviewed
CVE-2025-10173 was published Sep 26, 2025
A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the... Low Unreviewed
CVE-2025-10977 was published Sep 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database